Privacy Commissioner responds to privacy complaint

I finally heard back from the Office of the Privacy Commissioner about my complaint against the RSL club (to be fair, it may have been sitting in my PO Box for a while – I don’t check it as often as I should!). They said that the Privacy Act prevents them from investigating my complaint if I have not first complained directly to the organisation I am making the complaint against.

And although I have previously raised my concerns with the club, I thought I should tell them about the Privacy Commissioner’s letter and give them a final opportunity to respond. …continue reading…

June 25, 2007 | Filed Under case study | Leave a Comment 

Privacy report - Google takes heat for Apple, Yahoo and others

The Google-focussed media frenzy following the release of a privacy report by Privacy International saying that Google is “leading a race to the bottom” must have Apple, Yahoo and the other companies analysed breathing a huge sigh of relief!

ZDNet, Australian IT, The Sydney Morning Herald and countless others have published stories about Google’s placement in the worst of six categories (and Google has refuted many of the claims, as expected). Which is understandable – the label “hostile to privacy” makes for a great headline. …continue reading…

June 19, 2007 | Filed Under article | Leave a Comment 

Top 10 ways to prevent Identity Theft

Identity theft is a growing problem and the thieves are getting smarter. Follow these tips to help you stay one step ahead! More…

1. Pay at the till. Don’t let waiters or shop assistants take your credit card out of your sight when paying for a meal. They only need a second to swipe it through a gizmo and suck all the information off it (this is called ‘skimming‘). Go up to the till to pay instead.

2. Shred-it! Dispose of your bank statements, medicare correspondence, and other papers containing your personal information properly. If you work in an office, your company may have secure disposal bins. They’re like the big wheelie bins, but are padlocked closed and have a slit in the top to put your papers into. If not, consider investing in a shredder or, if that’s outside your budget, a packet of matches (yes – burning things is bad for the environment, but if you rip out your personal information from the piece of paper and just burn that, you’re minimising the risk – both to the environment and to you!).

3. Copy-wrong. Don’t let anyone photocopy your ID. Most of the time they just need to sight it. Sometimes they need to write down your ID reference number (e.g. your drivers license number). Many times when they want to take a photocopy of your ID they don’t really need to. If they insist, ask them if they’re aware of their obligations under the privacy act and get them to tell you what they are. If they can’t tell you, don’t trust them with your personal information.

4. Whose website is it? Before entering your credit card details into a website, check a couple of things: is it a reputable site? Is the site secured (is there a padlock in the lower-right corner?)

5. User profiles. When creating a user profile on social networking or other sites, don’t provide your address and phone numbers if they can be viewed by anybody who chooses to look. For example, if you enter those details when creating your skype account, anyone can view them – even before you’ve accepted them as a contact! Aside from leaving you open to contact by random freaks and weirdos, this makes for easy pickings for identity thieves.

6. Know your credit status. Banks and many other organisations use your credit file to help determine your credit-worthiness. Your credit file is updated every time you open a bank account, get a new credit card, or do anything else that affects your credit status. Sign up to receive an email every time your personal credit file changes. Then, if you (or an identity thief) open a bank account in your name, you will be sent an email. MyCreditFile offer this service for $30 per year. And yes – I know this one is ‘detection’ rather than ‘prevention’, but I think it’s important so I’m including it anyway!

7. Type it yourself. Never follow a link to your internet banking website. Type the URL in yourself, and check for typos before continuing.

8. Be ‘social engineering’ savvy. Only provide personal information over the phone if you initiated the call. If you receive a phone call from someone claiming to work for your bank and asking you to confirm your identity by providing your account number or other personal information – don’t give it to them. This is called social engineering and it’s one of the easiest ways for identity thieves to get hold of your personal details.

9. Boring but important: Network Security Software! Install anti-spyware and virus protection, and keep the signatures up to date and run them regularly. If you have a computer at work, chances are your company does this for you, but keeping your home computer safe may be your responsibility. Check out these free ones: Spybot Search and Destroy, Lavasoft Ad-aware, and Grisoft AVG.

10. Downloading files. Be careful when you download executables or any files off untrusted sites. If the site provides a checksum for the download, check that it matches (I’ll explain how to do that in a future post).

11. Limit the potential damage. Open a credit card with a low credit limit to use for internet transactions. That way if someone steals the details the amount of damage they can do is limited.

I know – that’s eleven – but squashing it down any further was impossible!

June 13, 2007 | Filed Under article | Leave a Comment 

RSL scan drivers license

You know that RSL club that I suspected of putting me at risk of identity theft when they scanned my drivers license? Well, they’ve emailed me back again with a bit more information – now I’m really worried!

What information did they collect?

One of my questions was, had they actually taken a copy of my whole drivers license, or simply extracted the pieces of information that they needed (name, address, signature)?

The reply confirmed my worst fears – “inserting the license in the terminal scans an image of the actual license”! How hard would it be for someone with access to that image to create a copy of my drivers license? They could then rack up points on my license by speeding, or worse – by not parking rear-to-curb in a rear-to-curb-only parking spot!

Or, they could modify the image to change the postal address to their neighbour’s, then create a fake license from the modified image, use that as ID to open a credit card account in my name, get the card posted to the address on the ID (their neighbours house), and steal the license from the neighbours letter box in a few days time. Too easy!
…continue reading…

May 29, 2007 | Filed Under case study | 1 Comment 

Response from the RSL club

Well, I’ve heard back from the RSL club that took a scan of my drivers license (see original post).

They answered some of my questions – and raised some more. …continue reading…

May 22, 2007 | Filed Under case study | 1 Comment 

The identity theft arms race

I remember when I was about 10 years old and some friends of my parents went to Thailand for a holiday. They were reasonably well off – he was an accountant with one of the big firms and she wore fabulous faux-fur coats (back when killing animals to satisfy hedonistic pleasures was still considered uncool). So you can imagine their embarrassment when, a month or so later, their credit card was declined when they were attempting to pay for dinner with friends! …continue reading…

May 21, 2007 | Filed Under article | Leave a Comment 

Privacy matters, even at RSL clubs!

I love a good meat raffle – especially down at the local RSL!

You rock up 5 minutes before the ticket sales close, hand over a 20 and get a wad full of numbers back. Off to the bar for a cheap-as-chips beer before settling in at a table – smug in the knowledge that you’re almost guaranteed to win something!

You know how, if you live within a 5km radius of a club you have to become a member? (Some rule to do with government grants or funding or something…) So they ask you for ID when you go in. Usually you just flash your drivers licence, and fill in a slip with your name, address, the date, sign it and you’re on your way.

Well, the other day I went over for a meat raffle at a certain NSW club (>5km from my home btw). And, instead of asking me to fill in a slip, I was directed to a shiny new machine in the foyer. I must have looked a little unsure of what was expected of me, because the helpful gentleman at the door showed me what to do by taking my drivers license and inserting it into the machine. Seconds later, my licence was returned, along with a printed slip with my name on it. …continue reading…

May 12, 2007 | Filed Under case study | 3 Comments